CloudFlare, a cybersecurity company, said last week that it tried to obtain private key data by exploiting the Heartbleed bug — what it called a “disaster” scenario. The company wasn’t able to do it, but stopped short of calling it impossible. It was just really, really difficult.

Not too difficult, though. CloudFlare at the time set up a test environment and challenged others to obtain the private key data, and since then four people have been successful. “This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability,” CloudFlare wrote in a blog post.

Not that people need reminding of the dangers of the Heartbleed bug, which some security researchers have called “catastrophic.” A significant issue, the Journal’s Danny Yadron wrote recently: A good chunk of the Internet’s security is managed by a team of 11 people — mostly volunteers — with a budget of less than $1 million.